Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2023

kroll

MDR vs MSSP vs SIEM: The Evolving Threat Detection Landscape

Nov 29, 2023 By Kroll In Kroll

Effective threat detection is critical to achieving a mature cybersecurity posture. Yet with so many threat detection options on the market, from managed detection and response (MDR) to managed security service providers (MSSPs) to security information and event management (SIEM), choosing the most effective one for your organization can be challenging.

Read Post

Webinar Replay: Q3 2023 Threat Landscape: BEC Attacks Continue to Surge Across Sectors

Nov 28, 2023 By Kroll In Kroll
“In Q3, we did see an uptick in incidents impacting the manufacturing and construction sector largely led by business email compromise (BEC) or email compromise attacks. One of the reasons for this uptick in BEC attacks has to do with the reliance on third parties and suppliers.” – Laurie Iacono.
View Video

Webinar Replay: Q3 2023 Threat Landscape: Social Engineering Yields Initial Access

Nov 28, 2023 By Kroll In Kroll
“From using QR codes in emails to sharing links via Microsoft Teams, threat actors are evolving their methodology to manipulate humans to click on the bait. This is not phishing through email; it's phishing through an instant messaging platform.” – Laurie Iacono.
View Video
kroll

Free Template: MITRE ATT&CK Detection Maturity Assessment & Guide

Nov 20, 2023 By Kroll In Kroll

The threat landscape has evolved rapidly in recent years due to major changes in the way organizations operate and adopt new technologies. Cloud services such as Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) have seen massive growth over the last decade. With accelerated digital transformation, increased remote working and cloud adoption, the attack surface has increased for most organizations.

Read Post
kroll

Q3 2023 Threat Landscape Report: Social Engineering Takes Center Stage

Nov 15, 2023 By Laurie Iacono In Kroll

Social engineering in its many forms took center stage in Q3 2023. The quarter saw “human hacking” evolve from a long-standing security challenge to threat actors’ method of choice. This was evidenced by our observations of the dramatic escalation of social engineering tactics, with significant increases in phishing, smishing, valid accounts, voice phishing and other tactics—adding up to the highest volume of incidents we have seen in 2023.

Read Post

Lessons Learned From 50+ MOVEit Exploit (CVE-2023-34362) Investigations - Full Webinar

Nov 10, 2023 By Kroll In Kroll
In Q2 2023, Kroll reported a notable shift towards increased supply chain risk, largely driven by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability. The MOVEit exploitation rendered even organizations with mature cybersecurity controls helpless and vulnerable to financial and reputational damage. Only a handful were able to detect the exfiltration, and even fewer could handle the consequences once a trusted partner fell victim.
View Video
kroll

SkeletonXE - Responding to the CISCO Vulnerability (CVE-2023-20198)

Nov 7, 2023 By George Glass In Kroll

On October 16, 2023, Kroll Cyber Threat Intelligence (CTI) analysts were made aware of an ongoing exploitation of a recently discovered vulnerability within the web user interface (UI) functionality of Cisco IOS XE (CVE-2023-20198). This security flaw is critical with a CVSS score of 10.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.